Suspected DNC & German Parliament Hacker Used His Name As His Email Password

from the opsec-yo dept

You may have seen the news reports this week that German prosecutors have issued an arrest warrant for Dmitry Badin for a massive hack of the German Parliament that made headlines in 2016. The reports about the German arrest warrant all mention that German authorities "believe" that Badin is connected to the Russian GRU and its APT28 hacking group.

The folks over at Bellingcat have done their open source intelligence investigation thing, and provided a ton of evidence to show that Badin almost certainly is part of GRU... including the fact that he registered his 2018 car purchase to the public address of a GRU building. This is not the first time this has happened. A few years back, Bellingcat also connected a bunch of people to the GRU -- including some accused of hacking by the Dutch government -- based on leaked car registration info.

There's much, much more in the Bellingcat report, but the final paragraph really stands out. Bellingcat also found Badin -- again, a hacker who is suspected in multiple massive and consequential hacks, including of email accounts -- didn't seem to be all that careful with his own security:

The most surreal absence of “practice-what-you-breach” among GRU hackers might be visible in their lackadaisical attitude to their own cyber protection. In 2018, a large collection of hacked Russian mail accounts, including user name and passwords, was dumped online. Dmitry Badin’s email — which we figured out from his Skype account, which we in turn obtained from his phone number, which we of course got from his car registration — had been hacked. He had apparently been using the password Badin1990. After this, his email credentials were leaked again as part of a larger hack, where we see that he had changed his password from Badin1990 to the much more secure Badin990.

Yes, the password for at least one of his email accounts... was apparently his own last name and the year he was born. The cobbler's kids go shoeless again.
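The failure described above is a password built from the account holder's own data (surname plus birth year) and, on the "change", a one-character edit of the old one. As an added illustration that is not part of the original post, the following Python check rejects both patterns; the `personal_terms` and `previous` parameters, the 12-character minimum and the sample values are constructed assumptions, not anything from the page or from Bellingcat's report.

```python
import re
import unicodedata


def _normalize(s: str) -> str:
    """Lower-case, strip accents and drop non-alphanumerics so that
    'Badin-1990' and 'badin1990' compare equal."""
    s = unicodedata.normalize("NFKD", s)
    s = "".join(c for c in s if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", s.lower())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_password(candidate, *, personal_terms, previous=(), min_len=12):
    """Return the list of policy violations; an empty list means acceptable.

    personal_terms: surname, given name, username, birth year, etc. (assumed
    to be supplied by the caller from the account record).
    previous: earlier passwords of the same account (normally hashed in a real
    system; plain strings here to keep the example self-contained).
    """
    problems = []
    norm = _normalize(candidate)
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Reject anything containing a term tied to the account holder.
    for term in personal_terms:
        t = _normalize(term)
        if len(t) >= 3 and t in norm:
            problems.append(f"contains personal term {term!r}")
    # Reject the <word><year> pattern: any 4-digit year 1900..2099.
    if re.search(r"(19|20)\d{2}", candidate):
        problems.append("contains a 4-digit year")
    # Reject trivial edits of an earlier password (Badin1990 -> Badin990).
    for old in previous:
        d = edit_distance(norm, _normalize(old))
        if d <= 2:
            problems.append(f"within {d} edit(s) of a previous password")
    return problems
```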

Filed Under: apt28, dmitry badin, dnc, dnc emails, email, germany, gru, hacking, opsec, passwords, podesta emails, russia


Reader Comments


  • Anonymous Coward, 6 May 2020 @ 12:48pm

    There is 0 percent chance Russia is the actual problem or the source of the cyber intrusions.


    • Toom1275 (profile), 6 May 2020 @ 9:02pm

      Re:

      ... said no one with two or more functioning neurons, ever.


      • Bobvious, 6 May 2020 @ 10:09pm

        Re: Re: 0 chance Russia................

        I think they forgot to update their nym to Anonymou /s Coward


      • Anonymous Coward, 6 May 2020 @ 11:01pm

        Re: Re:

        The first suspect and most likely only guilty party is almost always China.

        In the event it's not China, then it's India.

        North Korea, Japan, Germany, and possibly Spain, were the old guilty crowd but they appear to have completely lost the "cyber" conflict at this point.

        North Korea probably still has some kind of declared conflict that it created itself on its books that blames everyone else and can be used as a "state sponsor" of the activity.

        The cyber terrorists that attacked me blamed Bhutan for a while which is not functionally possible to my knowledge.

        If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today like the Roman Empire turned into.


        • Anonymous Coward, 7 May 2020 @ 2:41am

          Re: Re: Re:

          "The first suspect and most likely only guilty party is almost always China."

          I am not trusting the analysis of a guy that forgot about the existence of Israel.


        • Scary Devil Monastery (profile), 7 May 2020 @ 5:11am

          Re: Re: Re:

          "If it was Russia that was the source of the global cyber terror menace then the Soviet Union would be more than a collection of treaties in some archive today..."

          The Soviet Union which ended in 1991, at which point in time "cyberwarfare" consisted of individual hackers and the various governments of the world still thought a 14.4k modem was a revolutionary invention?

          Honestly, everything else being equal then yes, China will have the most hackers of anyone today, simply because they've spent the most on state-wide IT monitoring and supervision.
          But Russia isn't exactly lacking either. And it's a mistake to assume that just because one of their most clumsy managed to screw himself it means they lack skilled crews.

          Like the ones who hacked the NSA to lift and spread the code that agency built for "monitoring and surveillance" - which was then used by criminals to create the Wcry cryptoworm.


          • Anonymous Coward, 7 May 2020 @ 5:25am

            Re: Re: Re: Re:

            They still have Soviet Union stuff.

            You ended in 1991


          • Anonymous Coward, 7 May 2020 @ 5:30am

            Re: Re: Re: Re:

            cyberwarfare is outlawed by all countries and is not a form of warfare

            the "cyberwarfare", which is almost purely terrorism today, was in fact developed more than 1000 years ago when people noticed you could poison or kill someone with an EM field

            It was called witchcraft or sorcery and people got burned at the stake for it


  • Anon, 6 May 2020 @ 1:01pm

    Common Registration technique

    IIRC one of the guys who poisoned the Russian ex-agent in Britain (and his daughter) was outed with, among other things, proof that he'd registered his car to a GRU office despite claims he was not connected with them.

    Is there a benefit to sending local police looking to collect on outstanding traffic tickets to the address of the GRU?


  • Koby (profile), 6 May 2020 @ 1:03pm

    Convenience

    I remember years ago watching a TV show about scam artists. Police investigators who traced these types of crimes said that many of the victims of scams were perfectly intelligent, and that the common theme that tied scam victims together was mostly personal greed. This hacker demonstrates to me that proper online security practices are not tied to intelligence. Laziness perhaps? Convenience? But it's not intelligence.


    • Anonymous Coward, 7 May 2020 @ 3:43am

      Re: Convenience

      That (you mean Ashley Madison?) isn't good evidence against Russia being involved in Germany

      That said, the title is misleading as the way the GRU operates, even the timing of the U.S. hacks don't add up to his entering Germany

      So I disagree with both this article and your analysis

      Russia is behind Germany but this had nothing to do with DNC, Techdirt, c'mon, don't assume if 1 Russian is behind 1, even if you believe they're somehow the only actor...

      (Everybody hacks everybody).

      That this must contend a lack of supply, hackers. There are many people the GRU pick up. I personally doubt Russia was behind Podesta. That said, I fully accept they're behind much

      Let's not go to extremes of never-guilty, always guilty, bull claims of USB transfer or attempting to connect every campaign to 1 actor let alone 1 individual


      • Anonymous Coward, 7 May 2020 @ 3:48am

        Re: Re: Convenience

        The opsec here was dumb. While IC (BND) can fake this data, I highly doubt it

        Again though, nothing in this article does Mike include as relevant to DNC

        Why then include it in the title? The title is supposed to reflect the body. It doesn't here


    • Anonymous Coward, 7 May 2020 @ 3:47am

      Re: Convenience

      Unfortunately many have forgotten objectivity. It is always a dichotomy

      Things are more complex

      You're wrong, Koby as is Mike wrong

      Everybody's wrong. That said, I'd sooner believe Mike despite totally disagreeing with his claim

      Why? Plausibility versus probability

      It is impossible what you say, plausible what he says but neither is probable


    • Anonymous Coward, 7 May 2020 @ 3:49am

      Re: Convenience

      Not that even the FBI's suggested suspicion this is the same guy. Tbh, I doubt they even know

      Any case, that isn't because I agree with your analysis

      At least for all the problematic title, Mike gets the content ok


  • Bobvious, 6 May 2020 @ 4:10pm

    Things certainly were Bad in 1990

    But then it was Time for the Guru, https://www.youtube.com/watch?v=DQle7hAPpyE


  • Crafty Coyote, 7 May 2020 @ 11:11am

    For Dmitry Badin- Three letters and four numbers that nobody will ever guess.

    "NSP-6969"


